Cloud Incident Response and Forensics

With so many medical companies moving into the cloud, either by choice to gain a competitive edge or because they are being pushed there, it has become necessary for them to be able to respond to an incident in their cloud environment. It is essential for these medical companies, both large and small, to have a game plan when they respond to an incident. Defaulting to their service provider in the hope that it will provide an incident response plan is just sheer stupidity. Simply relying on insurance and hope to ensure cloud coverage is also wishful thinking. A structure, a game plan and a first responder are all unequivocally essential.

When companies move their applications, infrastructure and services to the cloud, the move exposes them to a whole new range of unknown and unassessable vulnerabilities, and there is simply not enough talent to go around to address these security needs. Right now, in the information security talent pool that is capable of handling the cloud, only a limited number of people can successfully, and fully, address security needs. These companies still need to ensure that they have employees capable of achieving this, much like they would have in their own local business. “Just because there is a new dress, it does not mean that the dance has changed.” In 2022, other companies are going to be pushed into the cloud or fall by the wayside. What this means is that it is vital to move to the cloud in order to stay in business. Laws are now even stricter and require more compliance than ever because of exposure to unknown risks.

The big question is: what can we do about it? The first thing to do is to acquire visibility into these environments. The second is to understand the most critical applications and systems, especially those that need to remain up at all times. This will provide insight into which items need to be addressed most urgently.

Used with direct permission from author